Statutory and non-statutory regulator Qualifying Regulatory Provisions report — Information Commissioner’s Office 


Information Commissioner’s Office (ICO) 


Table 1: Qualifying Regulatory Provisions that came into force during the first Business Impact Target reporting period (i.e. 8 May 2015-26 May 2016) 


Title of measure 


Description of measure 


BIT score (£ millions) 


RPC reference number 


A practical guide to IT 
security 


Came into force 6 


Provides practical advice on IT security measures that organisations can 
take to safeguard personal data and how to meet the requirements of 
the Data Protection Act 1998 (DPA). 


0.00 


RPC17-MOJ-ICO-3930 


January 2016 
Wi-Fi Location Provides good practice advice to operators of Wi-Fi and other 0.00 RPC17-MOJ-ICO-3931 
Analytics Guidance communications network about how they may use location and other 
analytics data in compliance with the DPA. 
Came into force 16 
February 2016 
Using crime and Provides good practice advice to businesses, explaining how to apply 0.00 RPC17-MOJ-ICO-3932 
taxation exemptions the exemption to personal data when it is processed for the purposes of 
(section 29) crime and/or taxation. 
Came into force 26 
May 2015 
Preparing for the Provides good practice advice to prepare organisations for the 0.00 RPC17-MOJ-ICO-3933 


General Data 
Protection 
Regulations (GDPR) — 
12 steps to take now 


Came into force 14 
March 2016 


enforcement of the GDPR in May 2018. 
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How to disclose 
information safely — 
removing personal 
data from 
information requests 
and datasets 


Came into force 1 
October 2015 


error. 


Provides good practice advice on how to respond appropriately to 0.00 
requests for information without disclosing personal or other data in 


RPC17-MOJ-ICO-3935 


Assessing Adequacy — 
International Data 
Transfers 


Came into force 29 
September 2015 


Economic Area. 


Provides good practice advice on how organisations should analyse the | 0.00 
protection of data which is transferring outside of the European 


RPC17-MOJ-ICO-3936 


Table 2: Qualifying Regulatory Provisions that came (or are expected to come) into force during the second and final Business Impact Target reporting 


period (i.e. 27 May 2016-8 June 2017) 


Title of measure 


Description of measure 


BIT score (£ millions) 


RPC reference 
number 


Privacy Notices Code | Provides advice, guidance and good practice recommendations to organisations to help 0.00 RPC17-MOJ-ICO- 
of Practice them meet their obligations to tell people how they are using their personal data and to 3929 
seek consent where appropriate. 
Came into force 7 
October 2016 
Overview of the Provides good practice advice on the provisions of the GDPR and how to comply with 0.00 RPC17-MOJ-ICO- 


GDPR 


Came into force 7 
July 2016 


that framework. 


3934 
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